Moving onto WebSockets

- [Instructor] With the release of HTML5, more sophisticated state management capabilities are available to the web developer. WebSockets provide the ability to set up a full duplex communications channel between the client and the server. This requires a handshake over HTTP or HTTPS to upgrade the protocol to ws or wss, and the WebSocket server to manage the protocol. Firstly, the client initiates a connection by sending an HTTPS WebSocket handshake request and the server responds with a status code of 101 Switching Protocols.

It then switches to WebSockets and both the web browser and the web server communicate using the WebSocket API according to RFC 6455, the WebSocket protocol. websocketd is an easy to use WebSocket server written by Joe Walnes which we'll run on Ubuntu. We can get the zip file of this server from his GitHub page, unpack it and it'll be ready for use. I've already loaded it on my Ubuntu system. While websocketd provides the ability to maintain state, it doesn't actually do anything.

Released

12/19/2016

Websites and web applications are—by their very nature—accessible remotely, which puts them at high risk of cyber attacks. Knowing how to detect and prevent web attacks is a critical skill for developers and information security professionals alike. Find out how to test your sites and applications for weaknesses in this course with cybersecurity expert Malcolm Shore. Malcolm examines the various parts of a web application (focusing on the most vulnerable components), and introduces the Open Web Application Security Project (OWASP), which provides documentation, tools, and forums for web developers and testers. Malcolm also provides an overview of popular testing tools, including Burp Suite, Vega, and WebScarab. Learn how to use these utilities to run basic and advanced tests, and shore up sites against common attacks, such as SQL injections and cross-site scripting exploits. The course closes with some resources for practicing your skills, including testing sites such as Trustwave CrackMe Bank and Google Gruyere.